[PATCH v2 0/7] makedumpfile security key filtering with eppic
aravinda at linux.vnet.ibm.com
Wed Nov 21 02:19:58 EST 2012
On 2012-11-20 15:17, Atsushi Kumagai wrote:
>>> As I mentioned, we don't need vmlinux in initramfs as filtering is done
>>> during post processing only.
>> You are missing the point. The point is that despite the fact that
>> scrubbing will never be done from initramfs, all the users will pay
>> penalty for increased makedumpfile size.
>> So why not write a separate tool (scrub-vmcore) so that makedumpfile
>> users don't pay the bloated size penatly.
> As Vivek said, I think it's difficult to persuade almost all distributor
> to specify EPPIC=on.
> So, it seems that separate tool is better way for both user and distributor.
> If you will make it, I will drop eppic support from v1.5.1 and export core
> functions from makedumpfile as library for such tools in the future.
> Does this meet your purpose, Aravinda ?
How about distributions building two targets one with default
makedumpfile and other with EPPIC=on, which can be done by a simple
modification to Makefile. Default makedumpfile will go into initramfs
and the one with EPPIC=on can be used for filtering. This will avoid
initramfs bloat and will also save effort in developing a new tool and
exporting makedumpfile functions to a library. Also if we build a new
tool, eventually, we will end up sharing the existing makdumpfile code.
> Atsushi Kumagai
> kexec mailing list
> kexec at lists.infradead.org
More information about the kexec